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BAKER BOTTS L.L.P 
30 ROCKEFELLER PLAZA 
NEW YORK, NEW YORK 10112 



TO ALL WHOM IT MAY CONCERN: 

Be it known that We, BRUCE A. WILLINS and RICHARD M. 
VOLLKOMMER, citizens of the United States, residing at 1 1 Findley Drive, East 
Norport, New York 11731 and 316 Devon Lane, Smithtown, New York 11787,have made 
an invention entitled 

BLUE TOOTH OUT-OF-BAND MANAGEMENT AND TRAFFIC MONITORING 

FOR WIRELESS ACCESS POINTS 

of which the following is a 

SPECIFICATION 

BACKGROUND OF THE INVENTION 
[0001] The current invention relates to access points in a wireless local area network, such 
as access points in an IEEE Standard 802.1 1 wireless local area network. In particular the 
current invention relates to providing "out-of-band" management and monitoring of access 
points in a wireless local area network. 
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[0002] It is an object of the present invention to provide a method and apparatus for 
providing out-of-band management and monitoring communications with access points 
used in connection with a wireless local area network. 

SUMMARY OF THE INVENTION 
[0003] In accordance with the invention there is provided a method for use in a 
system for providing wireless data communications using a first protocol, where the 
system has access points for conducting wireless data communications with mobile units 
using the first protocol. According to the invention there is provided a method for 
conducting out of band management communications with an access point which includes 
providing the access point with a radio module operating according to a second wireless 
data communications protocol and conducting management communications with the 
access point using the second wireless data communications protocol. 
[0004] In one embodiment of the invention the first protocol is an 802.1 1 protocol 
The second data communications protocol may be a Bluetooth protocol. The management 
communications may be conducted by causing the radio module associated with the 
access point to become associated as a slave unit with a master unit operating under the 
second wireless data communications protocol. 

[0005] In accordance with the present invention there is provided an access point for 
use in a wireless data communications system. The access point includes a first interface 
for conducting data communications with one or more computers. A first radio module 
using a first protocol is provided for sending wireless data messages received at the first 
interface and for receiving and relaying data messages via the first interface. At least one 
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processor is provided for controlling the access point wherein the processor has a second 
interface. A second radio module using a second wireless data communications protocol 
for wireless data communications different than the first protocol is provided for 
providing wireless data communications with the processor via the second interface. 
[0006] In one embodiment the second radio module is arranged to operate as a slave 
module using a master/slave protocol, which may be the Bluetooth protocol 
[0007] For a better understanding of the present invention, together with other and 
further objects, reference is made to the following description, taken in conjunction with 
the accompanying drawings, and its scope will be pointed out in the appended claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Figure 1, is a block diagram showing a wireless local area network in 

which the method of the present invention may be practiced and including access points 

according to the present invention. 

Figure 2, is a block diagram illustrating one configuration of access points 

in accordance with the present invention. 

DESCRIPTION OF THE INVENTION 
[0008] Referring to Figure 1 there is illustrated a block diagram of a wireless local area 
network system in which the method of the invention may be practiced. The wireless 
local area network 10 includes a host computer 12 which is connected by a router or 
switching circuit 14 to access points 20 and 22 over internet communications cables 16 
and 18. Those skilled in the art will recognize that in a typical system, such as a system 
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following the IEEE standard 802.1 1 protocol, there may be multiple computers connected 
to a wired internet system by routers 14 and there may be many access points distributed 
over a facility, such as a university campus, a hospital, or an industrial establishment. 
Each of the access points 20 and 22 provides communications with mobile units 28, 30 32 
and 34 that are in the vicinity of the respective access points. Communications is by a 
wireless local area network protocol, such as standard 802. 1 1 , wherein a mobile units 
become associated with and communicates with the network over access points to provide 
a wireless data communications with computer 12 and other elements of the system. One 
example of a wireless system is the Spectrum 24 system which is available from Symbol 
Technologies, assignee of the present application. 

[0009] According to the 802. 1 1 protocol, mobile units 28 and 30, which are in 
proximity to access point 20 communicate with the radio module of access point 20, 
indicated by antenna symbol 24. The selection of access point 20 for communications by 
mobile units 28 and 30 is in accordance with the signal strength of the beacons provided 
by the access, points and accordingly the mobile units ideally become associated with the 
access points in the closest proximity, or having the best conditions for mobile 
communications. It should be recognized, however, in some circumstances mobile units 
may be directed to communicate with other access points, for example to control traffic in 
a system. Likewise mobile units 32 and 34 may be associated with access point 22 
through its RF module for the 802.1 1 system, represented by antenna symbol 26. 
[0010] In systems of the type shown in Figure 1 and described thus far, it is common 
practice to provide management communications with access points 20 and 22 through the 
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internet system, such as from computer 12 via router 14 and internet cable 16, 18 to access 
points 20 and 22. Such management communications may provide updated system 
information, modified system programming, information concerning association with 
mobile units and other appropriate data or software for use by access points 20 and 22. In 
addition computer 12 may communicate with access points 20, 22 to read out data 
accumulated by access points 20, 22, for example, with respect to the traffic load that they 
are handling for purposes of communications and system management. 
[0011] In some cases, the ability of computer 12 to successfully access the 
management communications functions of access points 20 and 22 may not be successful. 
One reason may be an error in the configuration of the access point 20, 22 for data 
communications on internet cable 16. Another reason may be an error in the currently 
stored software for access point 20 or 22. When this communication failure occurs, a 
process called "in-band management communication failure," it becomes necessary to 
communicate with the access point 20, 22 via another means in order to correct the failure. 
[0012] One way in which out of band communication with remote access points 
which has been conducted in the past is by providing a portable system, such as a 
computer, which is provided with management software, and which can be physically 
connected, by a data communications cable to a port on access points 20 or 22. The 
problem with this prior art approach is that the access points 20 or 22 may be located in 
difficult to reach locations, such as mounted on or within the ceiling of a facility, so that 
they are not subject to tampering. In this event, it becomes necessary for a service 
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technician to obtain and climb a ladder, locate the access point and make a physical 
connection therewith. 

[0013] The block diagram of Figure 1 shows an improved method and system whereby 
out of band management and monitoring communications can be conducted with access 
points 20, 22 using an alternate data communication protocol which is provided between a 
second radio module in access points 20, 22, represented in Figure 1 by second antennas 
36, 38 and a wireless terminal 40 having a communications module, represented by 
antenna symbol 42. Wireless terminal 40 communicates with access points 20 or 22 via 
their second radio module preferably using a wireless data communications protocol that 
is different than the data communications protocol used in the wireless local area network 
10. For example if the wireless local area network 10 is communicating with mobile units 
28, 30, 32 and 34 using the data communications protocol of IEEE 802.1 1, wireless 
terminal 40 may communicate with access points 20, 22 for monitoring and management 
functions using a second wireless data communications protocol such as a master-slave 
data communications protocol, which may be Bluetooth. Figure 2 is block diagram of one 
embodiment of an access point having a second radio module according to the present 
invention. 

[0014] In Figure 2 there is shown a block diagram of an access point 20 which 
includes a network interface 50, a processor 52, which may be a microprocessor or a 
digital signal processor, and which provides an interface for providing data messages, 
such as 802.1 1 data packets from network interface 50 to RF module 54, operating under 
802.1 1 protocol. Processor 52 may provide, in addition to the interface functions, certain 
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802.1 1 higher level MAC processing. In addition to interface 50, processor 54 and radio 
52, which are found in conventional access points, there is provided a second radio 
module 56 which is connected to a port of processor 52, for providing RF data 
communications using a master/slave protocol, such as Bluetooth. In an exemplary 
embodiment, RF module 56 operates as slave unit under the Bluetooth protocol, and when 
accessed and commanded by wireless terminal 40, which has a Bluetooth master RF 
module, becomes associated with the master RF module of terminal 40, and acts as a slave 
unit to provide management communications between processor 52 and wireless 
management module terminal 40. In addition terminal 40 may be used to access data 
relating to the traffic being handled by access point 20 as recorded or determined in 
processor 52. 

[0015] Security features are preferably provided for the communication between 
wireless terminal 40 and access point 20. Security features can provide mutual 
authentication of the wireless terminal 40 and the access point 20 to assure that the 
wireless terminal is authorized to conduct management communications with the access 
point. In addition, authentication can provide assurance that the communication is with 
the intended access point. 

[0016] In addition, message encryption can be used to assure that the data 
communications are authentic and maintained confidential. 

[0017] Security features may be limited to communications using RF module 56, 
since the operation of the wired interface 50 and RF module 54 may not be available in 



NY02:3 16032.1 



7 



FILE NO.: 34144-072797.0134 



situations when out-of-band management functions are required. Accordingly, the 
security features must be carried out entirely within access point 20. 
[0018] One method to provide security is to provide a pre-shared secret, which is 
dedicated to communications with the out-of-band management module 56. Alternately 
the same shared secret can be used for authentication between the access point and a 
network authentication server. The shared secret is preferably stored in some form of 
secure storage, either embedded in the access point 20 or in a removable token, such as a 
"smart card". 

[0019] One possible arrangement is KERBEROS based security, which uses 
electronic "tickets" to initiate access, The wireless terminal 40 can request and obtain a 
KERBEROS ticket to authorize access to the out-of-band management RF module 56 of 
an access point 20. In addition, or alternatively, a universal ticket allowing out-of-band 
access to all ports may be provided. 

[0020] While there have been described what are believed to be the preferred 
embodiments of the present invention, those skilled in the art will recognize that other and 
further changes and modifications may be made thereto without departing from the spirit 
of the invention and it is intended to claim all such changes and modifications as for 
within the true scope of the invention. 
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